Sgooter's Infected PC [RESOLVED]


  • This topic is locked

#31
Sgooter

Sgooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I don't know whether any of my friends have an actual XP Home Edition CD, so I'll have to ask around to see what I can come up with.

Is there some alternative procedure we could use?

Thanks,
Sgooter
  • 0

#32
Matt

Matt

    Infected with AwesomeWare

  • Member
  • PipPipPip
  • 606 posts
Sgooter, do you have a copy of the XP CD that came with your computer? Try the steps using that CD. Some manufacturers will ship computers with full XP install CDs.

Matt
  • 0

#33
Sgooter

Sgooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
No luck Matt.
My wife's Sony PC does not come with any restore CDs. Instead the recovery process is stored internally on the hard drive.

Let me ask again an earlier question: When I ran ActiveScan last night, should I have also taken steps to disinfect/remove any of the problem files when prompted?
Since your instructions did not tell me to disinfect/remove the problem files, I did not do so. That is, I only ran the scan function of ActiveScan.
  • 0

#34
Matt

Matt

    Infected with AwesomeWare

  • Member
  • PipPipPip
  • 606 posts
Sgooter, yes, you could have had ActiveScan assess what it found. But, by the way things are going, it wouldn't have been able to remove this. I am talking with people again about this, and I will have something posted for you as soon as possible.

Thanks,
Matt
  • 0

#35
Sgooter

Sgooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Matt,
I must now sign off for the evening and will resume tomorrow evening.
In general terms where are you located? My impression is that you might be on the West Coast since we typically begin interacting after 9PM EST.

Thanks again.
  • 0

#36
Matt

Matt

    Infected with AwesomeWare

  • Member
  • PipPipPip
  • 606 posts
Actually Sgooter, I am on the East Coast. I just usually don't get free time to log on until the evening. Hopefully we can have this resolved tomorrow.

Matt
  • 0

#37
Matt

Matt

    Infected with AwesomeWare

  • Member
  • PipPipPip
  • 606 posts
Please print out these directions and follow them very carefully.

Ok, Sgooter, perhaps we can do this off the hard drive.

First you need to create a dummy file.
Using Windows Explorer, open the C:\windows\system32 directory. Right click an open space and go to New > Text Document.
When Notepad opens, go up to File > Save As. Click the drop-down box to change the "Save As Type" to "All Files".
Name the text file awtqp.old and save it in the system32 directory.
Close all windows and programs.

Reboot your computer, and continually tap F8 as if you were to boot into Safe Mode. But, instead when the menu comes up, see if there is an option for Recovery Console and if there is, choose it.


If it is not there, just reboot your computer back normally, and let me know. We will have to try something else.


You will be prompted for the Administrator password. If none was set, press enter.
You will be offered which installation to start, eg;
1. C:\Windows
Press 1 and enter.
You will arrive at a C:\Windows prompt.
Type:

cd c:\windows\system32

hit enter.

Now to remove any attributes from and delete the file, then rename the dummy.

Type and hit enter after each line.

attrib -r awtqp.dll
attrib -h awtqp.dll
attrib -s awtqp.dll
del awtqp.dll
rename awtqp.old awtqp.dll
exit


The machine will restart.

Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\awtqp.dll
O20 - Winlogon Notify: awtqp - C:\WINDOWS\SYSTEM32\awtqp.dll


Close HijackThis.

Reboot and post a new HiJackThis log.

Matt
  • 0

#38
Sgooter

Sgooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Matt,
Regarding a portion of your latest instructions:


"Reboot your computer, and continually tap F8 as if you were to boot into Safe Mode. But, instead when the menu comes up, see if there is an option for Recovery Console and if there is, choose it.

If it is not there, just reboot your computer back normally, and let me know. We will have to try something else.

You will be prompted for the Administrator password. If none was set, press enter.
You will be offered which installation to start, eg;
1. C:\Windows
Press 1 and enter.
You will arrive at a C:\Windows prompt.
Type:

cd c:\windows\system32

hit enter."

Are you certain that I need to enter the term cd before the c:\windows\system32 ?
My concern here is that I'm not using a Win XP CD-ROM in this case.
  • 0

#39
Matt

Matt

    Infected with AwesomeWare

  • Member
  • PipPipPip
  • 606 posts
Sgooter, yes, cd doesn't refer to your CD drive in this case, it means "change directory".

Matt
  • 0

#40
Sgooter

Sgooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Right after I sent you my stupid question, I remembered the DOS cd command for "change directory."
Sorry. :tazz:
  • 0

#41
Sgooter

Sgooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Matt,
I have rebooted the PC using the F8 key, and I do not see an option for Recovery Console, but I do see an option for Directory Services Restore Mode.

Again, this is a Sony desktop Vaio PC.

Your guidance?
  • 0

#42
Sgooter

Sgooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Matt,
My wife's PC is still awaiting a decision on which mode to use, so I'm sending this reply to you from my PC.
I looked closer at the options to pick from on her PC, and the option I expressed earlier should be fully expressed as:
Directory Services Restore Mode (Windows domain controllers only).
  • 0

#43
Matt

Matt

    Infected with AwesomeWare

  • Member
  • PipPipPip
  • 606 posts
Sgooter, that is not what we want. Reboot the computer normally, and follow these directions:

We're going to use a DOS Bootdisk instead of the recovery console.

Print these instructions out and make sure everything is entered exactly.

1. Locate a spare floppy disk, and insert it into the floppy drive.

2. Navigate to 'My Computer.' To do that, click Start -> My Computer

3. Once in the My Computer window, locate the 3 1/2 Floppy (A:) drive, and right-click it. From the appearing dialogue, select Format...

4. A new window should have come up. In that window, check the box next to the item reading 'Create an MS-DOS startup disk'.

5. Now, click the 'Start' button.

6. A warning will come up saying 'WARNING: Formatting will erase ALL data on this disk. To format the disk, click OK. To quit, click CANCEL.' Go ahead and click OK.

7. In a few moments, you will have a bootable MS-DOS startup disk. An alert box will pop up declaring a success with the message 'Format Complete'.

Now to the fix:

First you need to create a dummy file.
Using Windows Explorer, open the C:\windows\system32 directory. Right click an open space and go to New > Text Document.
When Notepad opens, go up to File > Save As. Click the drop-down box to change the "Save As Type" to "All Files".
Name the text file awtqp.old and save it in the system32 directory.
Close all windows and programs.
Insert the floppy disk into the drive.
The machine will need to have boot from floppy first enabled in the BIOS.
Reboot your computer, and wait for it to run from the floppy. Once booted, you should be in a DOS looking environment.

Type:

cd c:\windows\system32

hit enter.

Now to remove any attributes from and delete the file, then rename the dummy.

Type and hit enter after each line.

attrib -r awtqp.dll
attrib -h awtqp.dll
attrib -s awtqp.dll
del awtqp.dll
rename awtqp.old awtqp.dll
exit


The machine will restart or shut down. Once done so, remove the floppy, and boot your computer normally.

Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\awtqp.dll
O20 - Winlogon Notify: awtqp - C:\WINDOWS\SYSTEM32\awtqp.dll


Close HijackThis.

Reboot and post a new HiJackThis log.

Matt
  • 0

#44
Sgooter

Sgooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
The PC booted from the boot floppy disk and eventually gave an A:\ prompt.

When I type in cd c:\windows\system32, the result is:
Invalid drive specification

I've tried a couple of variations to change the directory, but the result is still: Invalid drive specification.
I have also tried to simply enter c:\, but again the same result.

Awaiting your guidance.
  • 0

#45
Matt

Matt

    Infected with AwesomeWare

  • Member
  • PipPipPip
  • 606 posts
Ok Sgooter, we're going to test something else now :tazz:

Please download http://www.atribune.org/test.zip

Once downloaded please unzip it to your desktop and run test.bat

When you run it, you will be asked "are you sure"; type y for yes and press enter.
  • Open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this

    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....


  • At this point press enter one time.


  • Next you will see:

    Please Type in the filepath as instructed by the forum staff
    and then press enter:



  • At this point please type the following file path (make sure to enter it exactly as below!):
    C:\WINDOWS\SYSTEM32\awtqp.dll


  • Press Enter to continue with the fix.


  • Next you will see:

    Please type in the second filepath as instructed by the forum
    staff then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):
    C:\WINDOWS\SYSTEM32\pqtwa.*
  • Press Enter to continue with the fix.
  • The fix will run then HijackThis will open, if it does not open automatically please open it manually.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:

    O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\awtqp.dll
    O20 - Winlogon Notify: awtqp - C:\WINDOWS\SYSTEM32\awtqp.dll

Now reboot your computer.

Then please post a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.

Matt
  • 0
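
Added example, not part of the original thread and not code from HijackThis or VundoFix: a small parser that reads HijackThis O2 (BHO) and O20 (Winlogon Notify) lines and reports any DLL registered under both, which is the pairing the helper asks to be fixed above, and then builds the reversed-name wildcard seen in the second file path (awtqp / pqtwa). The function names and the two extra sample lines are assumptions made for illustration; a match is a lead for review, not proof of infection.

```python
import re
from collections import defaultdict

# Constructed sample: the two entries quoted in the thread, plus two invented
# lines for contrast (their names, CLSID and paths are placeholders).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\awtqp.dll
O2 - BHO: ExampleHelper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O20 - Winlogon Notify: awtqp - C:\WINDOWS\SYSTEM32\awtqp.dll
O20 - Winlogon Notify: examplenotify - C:\WINDOWS\system32\examplenotify.dll
"""

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$")


def parse_entries(log_text):
    """Map each normalized DLL path to the HijackThis sections that load it."""
    sections = defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        for tag, rx in (("O2", O2_RE), ("O20", O20_RE)):
            m = rx.match(line)
            if m:
                # Windows paths are case-insensitive; the log mixes
                # system32 and SYSTEM32 for the same file.
                sections[m.group("path").strip().lower()].add(tag)
    return sections


def dual_hooked(log_text):
    """Return DLL paths registered as both a BHO and a Winlogon Notify entry."""
    entries = parse_entries(log_text)
    return sorted(p for p, tags in entries.items() if {"O2", "O20"} <= tags)


def companion_pattern(dll_path):
    """Build the reversed-basename wildcard (awtqp.dll -> pqtwa.*)."""
    directory, _, filename = dll_path.rpartition("\\")
    stem = filename.rsplit(".", 1)[0]
    return f"{directory}\\{stem[::-1]}.*"


if __name__ == "__main__":
    for path in dual_hooked(SAMPLE_LOG):
        print(path, "->", companion_pattern(path))
```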





